We were getting hammered with spam this morning. When I reviewed the log file for MagicSpam, I found that half of the messages, all similar in nature and from the same sender at a dozen different domains, are flagged as SPAM, the other half as HAM.
I cannot seem to add "Nitroxin@*" as a blacklist sender, as wildcards are not allowed. But the domain is constantly changing.
Any thoughts?
2014-01-14 06:21:36 magicspam-mailenable[1528]: HAM: mua=0,ip=[192.3.206.13:.],helo=<wkeo13.prospriti.com>,from=<Nitroxin@prospriti.com>,rcpt=
2014-01-14 06:21:36 magicspam-mailenable[1528]: HAM: mua=0,ip=[192.3.206.13:.],helo=<wkeo13.prospriti.com>,from=<Nitroxin@prospriti.com>,rcpt=
2014-01-14 06:21:36 magicspam-mailenable[1528]: HAM: mua=0,ip=[192.3.206.13:.],helo=<wkeo13.prospriti.com>,from=<Nitroxin@prospriti.com>,rcpt=
2014-01-14 06:21:37 magicspam-mailenable[1528]: HAM: mua=0,ip=[192.3.206.13:.],helo=<wkeo13.prospriti.com>,from=<Nitroxin@prospriti.com>,rcpt=
2014-01-14 06:21:45 magicspam-mailenable[1528]: HAM: mua=0,ip=[192.3.206.13:.],helo=<wkeo13.prospriti.com>,from=<Nitroxin@prospriti.com>,rcpt=
2014-01-14 06:24:55 magicspam-mailenable[2176]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[64.120.241.66:64-120-241-66.static.hostnoc.net],helo=<dsu66.servicfor.com>,from=<Nitroxin@servicfor.com>,rcpt=
2014-01-14 06:24:56 magicspam-mailenable[2176]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[64.120.241.66:64-120-241-66.static.hostnoc.net],helo=<dsu66.servicfor.com>,from=<Nitroxin@servicfor.com>,rcpt=
2014-01-14 06:52:10 magicspam-mailenable[3824]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[64.120.241.66:64-120-241-66.static.hostnoc.net],helo=<dsu66.servicfor.com>,from=<Nitroxin@servicfor.com>,rcpt=
2014-01-14 06:52:11 magicspam-mailenable[3824]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[64.120.241.66:64-120-241-66.static.hostnoc.net],helo=<dsu66.servicfor.com>,from=<Nitroxin@servicfor.com>,rcpt=
2014-01-14 06:52:11 magicspam-mailenable[3824]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[64.120.241.66:64-120-241-66.static.hostnoc.net],helo=<dsu66.servicfor.com>,from=<Nitroxin@servicfor.com>,rcpt=
2014-01-14 06:54:12 magicspam-mailenable[4452]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[174.139.85.123:174.139.85.123.static.customer.krypt.com],helo=<mona123.cvarieties.com>,from=<AIG_Direct_Inc@cvarieties.com>,rcpt=
2014-01-14 06:54:43 magicspam-mailenable[1940]: SPAM[valid_helo_domain]: mua=0,ip=[176.9.50.48:mixoteka.com],helo=<Debian-60-squeeze-64-LAMP>,from=<www-data@mixoteka.com>,rcpt=
half of spam message flagged as ham
Re: half of spam message flagged as ham
Hello,
Thank you for your post!
It looks like the messages that were not blocked, as shown in your log, were sent from an IP address that was not caught by the same anti-spam rule "check_dynamic_reverse_dns" due to its PTR record.
We noticed however that the IP address "192.3.206.13" is listed on two block lists: PSBL and MIPSPACE.
You might want to enable one or two of these IP Reputation Lists via your MagicSpam dashboard.
Please let us know if you have any further questions!
-- MagicSpam Support Team --
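Added example (not part of the original thread and not MagicSpam code): a short Python script that groups log lines in the format quoted above by sender local part and shows, per source IP and PTR field, which verdict and rule each one received. The regular expression is inferred from the lines in the first post, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the log lines quoted in the first post (five of them, unchanged).
SAMPLE_LOG = """\
2014-01-14 06:21:36 magicspam-mailenable[1528]: HAM: mua=0,ip=[192.3.206.13:.],helo=<wkeo13.prospriti.com>,from=<Nitroxin@prospriti.com>,rcpt=
2014-01-14 06:21:37 magicspam-mailenable[1528]: HAM: mua=0,ip=[192.3.206.13:.],helo=<wkeo13.prospriti.com>,from=<Nitroxin@prospriti.com>,rcpt=
2014-01-14 06:24:55 magicspam-mailenable[2176]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[64.120.241.66:64-120-241-66.static.hostnoc.net],helo=<dsu66.servicfor.com>,from=<Nitroxin@servicfor.com>,rcpt=
2014-01-14 06:52:10 magicspam-mailenable[3824]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[64.120.241.66:64-120-241-66.static.hostnoc.net],helo=<dsu66.servicfor.com>,from=<Nitroxin@servicfor.com>,rcpt=
2014-01-14 06:54:12 magicspam-mailenable[4452]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[174.139.85.123:174.139.85.123.static.customer.krypt.com],helo=<mona123.cvarieties.com>,from=<AIG_Direct_Inc@cvarieties.com>,rcpt=
"""

# verdict, optional rule in brackets, then ip=[address:PTR] and from=<local@domain>
LINE_RE = re.compile(
    r"magicspam-\w+\[\d+\]: (?P<verdict>HAM|SPAM)(?:\[(?P<rule>\w+)\])?: "
    r".*?ip=\[(?P<ip>[^:\]]+):(?P<ptr>[^\]]*)\]"
    r".*?from=<(?P<local>[^@>]*)@(?P<domain>[^>]*)>"
)

def split_verdicts(log_text):
    """Map sender local part -> (ip, ptr) -> Counter of verdict labels."""
    report = defaultdict(lambda: defaultdict(Counter))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a verdict line in this format
        label = m["verdict"] + (f"[{m['rule']}]" if m["rule"] else "")
        report[m["local"].lower()][(m["ip"], m["ptr"])][label] += 1
    return report

def mixed_senders(report):
    """Local parts that were both passed and blocked -> IPs that got through."""
    mixed = {}
    for local, by_ip in report.items():
        labels = {label for counts in by_ip.values() for label in counts}
        if "HAM" in labels and any(l.startswith("SPAM") for l in labels):
            mixed[local] = sorted(ip for (ip, _), c in by_ip.items() if "HAM" in c)
    return mixed

if __name__ == "__main__":
    report = split_verdicts(SAMPLE_LOG)
    for local, passed_ips in mixed_senders(report).items():
        print(f"{local}@*: passed from {passed_ips}")
        for (ip, ptr), counts in report[local].items():
            print(f"  {ip} (PTR field {ptr!r}): {dict(counts)}")
```

The IPs it lists as passed are the ones to look up against the IP reputation lists named in the reply.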
Re: half of spam message flagged as ham
Thank you.
The PSBL list was enabled, but the MIPSPACE was not.
I enabled it so we'll see if this makes a difference.
Thanks